IaaS, PaaS and SaaS: Different Clouds for Different Crowds

Picking the right technology solutions for your organization can be daunting, especially if you’re going it alone or if you’re just not a ‘tech person.’ Selecting the right cloud services is no exception. But you don’t have to be overwhelmed by the cloud.

First off, it can be tremendously helpful to familiarize yourself with what ‘the cloud’ even refers to; when you have a basic understanding of what the cloud is (a way of giving people and organizations IT services and resources that utilizes the internet) and what it’s not (it’s not a place, it’s not in the sky, its performance does not tend to fluctuate with the weather), the idea of moving to the cloud becomes much less scary. So, if you haven’t already, check out the first blog in this series for a straightforward overview of cloud computing, and the second to learn about the top 3 benefits of moving your business to the cloud.

In this piece, we’ll be looking at three types of public cloud service models that individuals and businesses can use:

• Infrastructure-as-a-Service (IaaS)
• Platform-as-a-Service (PaaS)
• Software-as-a-Service (SaaS)

If you’re a business owner thinking about making more use of cloud computing, what you want to know is: Which service model is right for my organization?

This article will help you get a handle on IaaS, PaaS and SaaS — what they are, how they differ, and what benefits you can expect from each. But remember, when it comes to receiving guidance on large-scale IT projects, there’s no substitute for having a strong IT team behind you, either in-house or outsourced. A managed service provider (MSP) can be especially helpful for business owners who are looking to make significant changes to their IT environment.

IaaS, PaaS and SaaS: Buffet or Menu Items?

If you think IaaS, PaaS and SaaS present three mutually exclusive options, think again. Instead of asking which one is right for your business, you should be asking: Which combination of cloud service models best suits my business? There’s no rule saying you have to use only one of the three. Much like a buffet, you could — if it makes good business sense — have a little of each. Indeed, a lot of businesses, especially larger enterprises, use more than one, and oftentimes some combination of all three.

Less Responsibility = Less Control

IaaS, PaaS and SaaS — that’s the order in which you generally see the three cloud service models listed, and there’s a reason for that. IaaS is the most basic type of cloud service model, followed by PaaS, and finally, SaaS. In this context, “basic” is defined in terms of how much control over your IT environment you’re ceding to your cloud provider. So, with IaaS, you’re giving up the least amount of control, and with SaaS, you’re giving up the most. More specifically, with IaaS, you’re moving the fewest number of IT functionalities to the cloud, and with SaaS, you’re moving the most.

Check out this chart depicting exactly which aspects of your IT environment you’re handing over to your cloud provider under IaaS, PaaS and SaaS. As you can see, with all three types of service models, you have fewer IT responsibilities compared to a fully on-premises set up.

SaaS might seem like an attractive choice if your preference is to not have to worry about IT. However, it’s important to keep in mind that less responsibility also means less control. The more of your IT environment you choose to host on the cloud, the less control you have over it. SaaS, for instance, leaves very little room for customization, as SaaS products pretty much come “as is.” In some industries — such as financial services — regulations require certain levels of control over data for security purposes, and some cloud service models might not allow you to achieve those levels. Bottom line: know your industry.

IaaS vs PaaS vs SaaS: A Closer Look

IaaS

Now that we’ve taken a look at the three types of cloud service models from a ‘bird’s-eye view,’ let’s zoom in and look at the specific features of each. This will help you begin to get a clearer idea of which one(s) best serves your business’s needs.

We’ll start with IaaS. IaaS, as its name suggests, delivers IT infrastructure on an on-demand basis. This infrastructure typically includes servers, networking and storage. IaaS can be a good option for smaller businesses that don’t have the time or money to establish their own data center, and need infrastructure quickly and cheaply. It can also make sense for companies that want to leverage the general benefits of the cloud (scalability, cost-effectiveness, etc.), but still require ample control over their applications and IT infrastructure.

PaaS

PaaS gives your company the same cloud-based services as IaaS, plus a few more (namely, operating systems, middleware and runtime). PaaS is a popular cloud service model for software developers, as it enables them to build applications in a quick and scalable fashion using a cloud-hosted platform. Developers who use PaaS don’t have to worry about maintaining and managing operating systems or software updates, as those are handled by the cloud provider. As a result, they can put all their energy and focus into creating and testing new apps.

SaaS

SaaS is the most common type

of cloud service used by individuals and organizations, and it’s not surprising as it’s also the easiest to use. SaaS involves the delivery of applications over the internet to users. Chances are, your organization already utilizes SaaS (popular apps such as Gmail, Google Drive, HubSpot, and the apps in Microsoft 365 are all SaaS offerings). The primary appeal of SaaS is convenience; you’re getting a ready-to-use application, and all you need to use it are a web browser and an internet connection. This means no downloads or installations, as SaaS offerings are hosted entirely on remote servers.

The advantage of SaaS — that it requires very little from your organization in the way of IT management — is also the source of its main limitation; because SaaS products are hosted on the cloud, they don’t typically allow for much customization. However, if you don’t require a high degree of customization from your apps, SaaS can be a perfect solution. SaaS is also suitable for short-term projects and apps that aren’t used very often (e.g., tax software).

Concluding Remarks

If you’re looking into cloud services for your business, and the choice between IaaS, PaaS, and SaaS is making you anxious, take a deep breath and remind yourself …

The fact that you’re looking into matters more closely and researching the different types of cloud service models means that you’re miles ahead of the business owner who is avoiding the cloud altogether, whether out of sheer bias, fear, or simple complacency. The businesses that aren’t fully confident navigating the world of cloud services aren’t the ones that should be worried. It’s the businesses that aren’t even entering that world that need to be concerned, because they’re the ones who aren’t prepared for the digital future.

Besides, the three types of cloud service models all share the general benefits of cloud computing: increased business agility, greater scalability, cost-effectiveness, and robust BDR. So, a gradual migration to the cloud, involving some trial-and-error, is far superior to the strategy of ignoring cloud computing altogether and stubbornly doing everything on-premises.

This doesn’t mean you can choose any type of cloud service model and expect it to do wonders for your business. Adopting cloud-based computing is tied up with various challenges, such as maintaining your security posture, integrating cloud solutions with your on-premises infrastructure, and so forth. And so, migrating to the cloud should be done with care, deliberation, and the help of a trusted IT provider or in-house IT team. That’s the only way to make sure you maximize the benefits of cloud computing for your company.

That said, even if it takes you months — or years even — to find the right cloud-based solutions for your company, by deciding to take steps toward becoming a cloud-based business, you’re ensuring that your business is on the right track. That’s because cloud services have evolved to the point where it’s simply not sensible to opt out entirely. Staying away from the cloud isn’t being ‘down to earth’ so much as it is being a ‘stick in the mud.’

The Top 3 Benefits of Moving Your Business to the Cloud

They say “numbers don’t lie.” If that’s the case, then cloud computing is certainly the way of the future. According to a report put out by the IDC (International Data Corporation), public cloud spending will increase to nearly $500 billion by 2023. To put this figure in context, public cloud spending reached $229 billion in 2019. Another study performed by MarketsandMarkets™ projects that the global cloud market will more than double between 2020 and 2026, when it is expected to balloon to a whopping $832.1 billion.

Behind this pronounced growth is a simple fact: More and more individuals and organizations are migrating to the cloud. Again, the numbers speak for themselves. End-user spending on cloud services totaled $270 billion in 2020, and a forecast from Gartner has that figure increasing to $397.5 billion by 2022. Research from Flexera indicates that 94% of businesses already use the cloud in some capacity.

The trend is obvious: there is a mass migration the cloud services.

But is the hallowed cloud everything it’s cracked up to be, or just another pie in the sky? Why are businesses moving to the cloud in droves? Are they simply following the latest trend, or is cloud computing the real deal — something with concrete and measurable benefits for growing businesses?

In this article, we’re going to break down some key benefits of cloud computing. When you understand what cloud services can do for your business, it’s easier to enter the cloud market at your own pace and on your own terms.

Benefit #1: Cost-Effectiveness

The desire to spend less on IT is one of the main reasons why businesses are flocking to the cloud. There is research suggesting that lowering costs is the primary reason behind nearly half of all businesses’ moves to the cloud. But does cloud computing really help companies save money?

In short, yes. That doesn’t mean adopting any kind of cloud services will lower your costs just like that. Like most significant shifts in your technology strategy, the devil’s in the details. That’s why it’s crucial that you have IT experts whom you trust to help you navigate the transition from on-premises infrastructure to cloud-based architecture. Working with an IT provider such as a managed service provider (MSP) can be a great idea for a growing business that needs help with their overall IT strategy. Moving to the cloud isn’t a one-and-done kind of deal; it’s a process, and without someone to guide you, it’s easy to lose control of the transition and end up suffering losses as a result.

With that said, let’s look at a few ways in which cloud migrations typically help organizations lower their IT expenses.

Trading Capital Expenses for Variable Expenses

Cloud computing removes the need for on-premises IT infrastructure — not all of it, but a sizeable portion. When business owners move to the cloud, they can utilize vital IT resources, like storage and processing power, without having to purchase and maintain onsite hardware to host those resources.

This can be a huge source of savings, as servers aren’t cheap, requiring vast amounts of electricity not only to run, but keep cool. Overheating servers can be an utter catastrophe, as high enough temperatures can fry hardware beyond the point of salvageability.

Economies of Scale

When you receive IT resources through the cloud, the relative cost of those resources compared to their implementation on-premises tends to be lower. This is due to economies of scale. But what are those?

The short answer is that economies of scale are gains in efficiency that result from producing something on a larger scale. How does this relate to cloud computing? Well, the datacenters housing the servers that host the most popular cloud services (AWS, Azure, Google Cloud, etc.) are definitely “on a larger scale” than almost any on-premises set-up. In fact, they’re downright huge, each one containing tens of thousands of servers. The biggest ones use as much electricity in a day that a small town uses in an entire year, and the tech giants who run these colossal facilities spend top dollar on cutting-edge approaches to the delivery of cloud services.

In the ongoing battle over the cloud market, efficiency is the name of the game, and, for a small-to-medium sized business (SMB), keeping up with cloud providers like Amazon and Microsoft is becoming increasingly difficult. Just as a small farm will have trouble growing corn as cheaply as a big industrial farm, so too will an SMB have trouble spinning up IT resources as cheaply as a massive datacenter run by a multi-billion-dollar tech company.

And so, it’s like they say — if you can’t beat then, join them — which is exactly what thousands upon thousands of companies are doing: opting for cloud services in order to get IT resources at a cheaper rate.

Elastic Scalability

Cloud services are delivered on a pay-as-you-go basis, which means you pay more when you need more of a particular service, and less when you need less. This ties into the benefit of flexibility, which we will be discussing shorty, but it also means lower overall costs. You pay for what you need, instead of pouring money into IT infrastructure that you only need to use — or use to its full capacity — some of the time.

For some businesses, having a datacenter onsite is like paying a personal chef a full salary to prepare just a few meals a year. If you find that your organization is paying for more IT resources than it consumes, now is a good time to look into cloud-based services, as it could save you tons of money. With cloud computing, you pay ‘by-the-meal,’ to build on the previous analogy; when your business is hungry — i.e., when it needs more of a particular IT resource or tool — you pay for however much of that resource you wish to consume.

Fewer IT Staff

On-premises IT infrastructure needs to be taken care of, and that requires IT experts on your payroll. We mentioned the importance of keeping servers at the right temperature, but that’s only one of many tasks that your IT team will have to deal with if you keep everything on-premises. When you throw in the opportunity costs that arise when your IT staff is busy with looking after onsite servers — i.e., the price of them not doing other things to help your business — the price of on-premises infrastructure can quickly become unmanageable for your growing business.

Adopting cloud-based services allows you to employ fewer IT experts, and frees up any IT staff you do have to pursue projects that make better use of their time and talents. This means one thing for your business: savings.

Benefit #2: Speed and Flexibility

Cloud computing gives businesses more speed and flexibility. But what does that mean? An analogy can help here. Think about the way electricity works. When you need more electricity, you get it, and you don’t have to wait. You turn on your television, and voilà — you receive more electricity. And when you finish binging your favorite show and decide to finally turn your TV off, the electricity that was flowing subsides. Moreover, your electricity bill goes up and down with the amount of electricity you use.

Cloud computing works in very much the same way (although the analogy is far from perfect). Let’s say a game developer comes up with a popular app that quickly attracts thousands of users, then tens of thousands, then hundreds of thousands! If the hardware and software required to host the game are on-premises, the sudden explosion in users could be a big problem; simply put, the game developer might not have enough servers on-premises to accommodate its product ‘going viral,’ and acquiring and setting up the required number of servers quickly enough just might not be feasible or affordable.

But if the game is hosted on the cloud (i.e., on remote servers in a gigantic datacenter) the company can simply scale up the number of servers it needs to keep pace with demand. And if people get tired of the game, they can scale back down (i.e., rent fewer servers).

This is the speed and flexibility of cloud computing in action, and for a business that needs elastic scalability, it can be the difference between success and failure.

Benefit #3: Greater Productivity

The fact that cloud computing allows workers to access information quickly and from anywhere on the planet — all they need is a device with an internet connection — means businesses that use the cloud can serve their clients and customers much more rapidly and smoothly.

It also means that the rise of remote work and the need for cloud computing go hand in hand. Simply put, if a business expects remote work to be a continuing part of its operations — and many businesses are — pivoting to the cloud will be not only wise, but essential, as it will allow remote workers to do their jobs effectively and without falling afoul of compliance regulations.

Another way cloud-based services help businesses run more smoothly and productively is by providing robust backup disaster and recovery (BDR) solutions, along with an array of policies and technologies devoted to helping keep businesses’ data safe. Popular cloud providers like Amazon and Microsoft have data centers all over the world, and are able to keep your business’s data in multiple locations. So, if for whatever reason (natural disaster, cyberattack, etc.) your data gets wiped out at one of the datacenters in your public cloud provider’s vast network of facilities, you won’t lost that data altogether. This is a huge benefit, as downtime is far from cheap.

Moreover, it’s standard for cloud providers to guarantee certain levels of service in a service level agreement (SLA). Reviewing that document with a trusted IT expert — and even legal counsel — can help assuage any fears you have about the type of security that you’re getting from a cloud solution.

Despite a growing body of evidence that the cloud provides better security than on-premises IT infrastructure, there is still a widespread distrust of cloud services based on the belief that moving to the cloud means letting your information ‘float freely’ in a less-than-secure environment. This concern is not entirely unfounded. Security in the cloud is far from infallible, and migrating to the cloud doesn’t mean that your organization can simply forget about security. Keeping information secure has to be a joint effort, involving you, your employees, your cloud provider, and — if you have one — a trusted IT partner such as an MSP. But with the right cloud solution, your organization can actually experience more security, better BDR, and enhanced compliance.

Concluding Remarks

We began this article with a simple question: Why are so many people and businesses turning to cloud computing? It turns out the answer is simple …

Businesses are adopting cloud-based computing services because doing so brings a host of benefits! It isn’t the ‘allure’ or ‘mystique’ of the cloud that is attracting so many users; it’s the proven functionality of cloud services. Cloud computing is continuing to evolve, and the technology — like any — has room to grow. But businesses that wait around for the cloud to reach its full potential before adopting cloud-based services are likely to get left behind, whereas businesses that jump on cloud computing now — and do so thoughtfully and with a sound strategy — can boost their bottom line and achieve new levels of efficiency.

What is Cloud Computing?

You hear about ‘the cloud’ a lot these days. The IT term has worked its way into popular culture, and most people have some idea of what cloud computing involves. But what exactly is the cloud? Where is the cloud? There’s an undeniable mystique surrounding cloud computing, but it’s not the strange and elusive technology many take it to be.

In this article, we’re going to answer the question ‘What is cloud computing?’ in simple and straightforward terms. It will be the first in a series of four blog posts on cloud computing. The second will take on the topic of how cloud-based services can help businesses grow, the third will focus on the three different types of cloud service models (IaaS, SaaS and PaaS), while the fourth will be about the importance of cloud computing in the managed service provider (MSP) space.

There is No Cloud

Perhaps you’ve seen this bit of tech humor displayed on a t-shirt:

There is no cloud. It’s just someone else’s computer.

They say the best jokes are rooted in truth, and this one is no exception. The truth in question is at the heart of cloud computing — what it is and how it works. Here’s a succinct definition of cloud computing:

Cloud computing refers to the delivery of IT services over the internet on a pay-as-you-go basis.

But here’s the thing, the IT services and resources that are commonly provided over the cloud — servers, databases, storage, networking, software, and more — do not exist in the ether, floating free of any physical basis. Like any computing technology, cloud services live on computers, and more precisely, on servers.

So what makes cloud computing so special? The answer to this question brings us back to the above joke: When you move certain IT functions to the cloud, you’re choosing to use someone else’s computers. More specifically, you’re choosing to store and access your data using servers that are located in huge datacenters owned by cloud providers such as Amazon (AWS), Microsoft (Azure), and Google (Google Cloud).

As opposed to what? Well, as opposed to your own computers (on-premises IT infrastructure). This contrast is at the heart of what makes cloud computing such a powerful technology, but it’s also a common reason why individuals and organizations are wary about moving to the cloud …

The Cloud is Nothing to Fear

A recent report on cloud security found that 75% of enterprises are either “very concerned” or “extremely concerned” about how secure their information is in the cloud. Moving essential IT resources to the cloud — to remote servers that you don’t have physical access to — can sound like a scary proposition; on an intuitive level, business owners might feel like they will have less control over their IT environment and

diminished security simply because there is an instinct to keep the things we care about close. It’s the same instinct that drives some people to store cash under their mattress instead of in a bank.

But migrating to the cloud can have huge benefits. Contrary to what some people think, when you move data, apps, and other IT resources to the cloud, you’re not trading security for convenience — it’s more nuanced than that. In fact, there are ways in which the cloud offers businesses a more secure place to store information, as datacenters owned by large cloud providers are protected by top-notch physical security.

On top of that, migrating to the cloud can be hugely beneficial to a growing business’s bottom line. Stay tuned for the second installment in our four-part series of blog posts on cloud computing, where we discuss in more depth how cloud computing can help businesses grow and flourish, while simultaneously protecting critical data.

Now that we’ve defined what cloud computing is, let’s take a look at the different types of cloud computing.

There is No Cloud … There are Many!

Public vs Private vs Hybrid

There are two ways to categorize different cloud-based services: by deployment model and by service model. Let’s start with the deployment categorization, which distinguishes between three types of cloud computing services:

1. Public Cloud
2. Private Cloud
3. Hybrid Cloud

A public cloud is shared and utilized by multiple organizations, and the cloud infrastructure is owned and managed by a third-party cloud provider. Microsoft Azure is an example of a public cloud. The idea of sharing infrastructure with other organizations might give some business owners pause. But here’s the thing, moving certain IT resources and services to a public cloud doesn’t mean that your organization’s data will be accessible to other businesses. You’re only sharing infrastructure with other businesses, not data.

Two key benefits of migrating to a public cloud are cost and scalability. Letting remote servers host your organization’s IT resources means you don’t have to buy, set up, and manage your own on-premises infrastructure. This can save you a lot of money. A study done by Avasant Research found that companies fully utilizing cloud resources cut IT expenses by 15% on average.

Also, when you use a public cloud, you can scale up at the drop of a hat. Need more computing power? Rent more servers. Need less? Rent fewer. This allows you to flexibly and near instantly adjust the amount of IT resources you’re paying for based on your ever-changing needs.

Private clouds are used by a single organization. The IT infrastructure associated with a private cloud can be on-premises or remote, but the bottom line is that it is dedicated to one organization, which allows for greater control and customization compared to the public cloud. Businesses in the healthcare, financial, and governmental sectors frequently use private clouds for the sake of compliance with government and industry regulations.

Hybrid clouds involve elements of both public and private clouds. A hybrid cloud environment can allow organizations to utilize a private cloud for sensitive data or for minimizing latency (how quickly a network can process data), and a public cloud for workloads that require quick scalability. Hybrid cloud services can also enable a company to make a gradual transition from on-premises infrastructure to cloud computing, instead of migrating all at once.

IaaS vs PaaS vs SaaS

There are three types of service models in cloud computing:

1. Infrastructure-as-a-Service (IaaS)
2. Platform-as-a-Service (PaaS)
3. Software-as-a-Service (SaaS)

These types of cloud services can be delivered via public or private clouds, and they can be understood as forming a hierarchy of responsibility. In plain English, each one represents a greater degree of outsourcing: IaaS hands over some IT resources to a third-party cloud provider. PaaS hands over more. SaaS hands over the most. So, going from IaaS to PaaS to SaaS can be thought of as moving further and further away from fully on-premises IT infrastructure.

So which one is the best?

It depends! Which service model makes sense for a particular business comes down to the particular needs and goals of that business. IT expert Paul Korzeniowski puts this point nicely: “Companies are looking to move daily business services to the cloud. That change is only possible if they can tailor cloud services to their own operations.”

Working with a trusted IT provider who truly understands your business and its goals can be tremendously helpful when it comes to investing in the right type of cloud service model. Watch out for the third installment in this series of blog posts about cloud computing, where we will do a deeper dive into IaaS, PaaS, and SaaS, and the respective benefits of each.

Concluding Remarks

The cloud isn’t so much a new technology as it is a new way of utilizing and mobilizing technology that has been around for decades. In other words, cloud computing isn’t a new kind of IT resource, but a new way of delivering familiar IT resources to individuals and organizations. The reason is exists, like any innovation, is that it helps solve certain problems. Namely, cloud computing provides faster, more flexible, and more cost-effective IT resources — benefits that we will discuss in more depth in our next installment on cloud computing here on The 20 blog: The Top 3 Benefits of Moving Your Business to the Cloud. Don’t miss it!

Written by: Crystal McFerran, CMO

It’s easy to see the value marketing provides when you work in marketing, but it can be a lot harder for others to see the true value of marketing. Marketing feeds into your sales process significantly by generating leads, growing brand awareness and nurturing industry awareness. One of the first steps to really see the return on investment (ROI) is to disconnect your marketing process from traditional, transactional sales. You need to make the intangible become tangible.

How you do this is highly contextual and variable, but it almost always helps to present the data, show the relationships you’ve grown, showcase how your marketing campaigns help sell and then help show how to recognize the intangible parts of what you’ve done throughout the process. What does a lead cost, and how was it fed by your marketing campaigns? By showing this to your company, you can prove your worth.

Seeing Data

The difference between understanding data and seeing data is the difference between dawn and dusk. Dawn marks the start of a new day with new potential, while dusk marks the end of the day, when you wrap up what you’re doing to prepare for the next. You can’t just see the data; you need to really take it in and absorb it.

Data makes up the raw ingredients in your recipe, but metrics are what you get after you cook everything. Raw data can be shaped in many ways, but metrics allow you to show just what the data truly means. There’s a hair’s distance between seeing data and it meaning something.

Seeing Relationships

If some random company remembers your birthday, do you remember that? When your birthday comes, will you think of a random company that didn’t reach out or the one company that actually did? The company that sends me a coupon has a much better chance of me thinking of it than the one that doesn’t. If you reach out, you have the chance of your customers thinking about you.

However, too much interaction can feel oppressive. My spam filter keeps getting smarter because some brands get lazier with their campaigns. Great — you know my birthday, and every day from my birthday to my half-birthday (which no one cares about), but all you’ve done is alienate me with your constant outreach. A relationship requires upkeep, but you can’t smother it to death.

Seeing Sales Shine

The sales process makes up your funnel, and your marketing campaign is the difference between the filter dealing with mud or water. One is easy to clear up; the other requires time and effort. What do you think your sales team’s time is worth? Marketing frees up your salespeople from dead ends and helps keep other parts of your workplace functioning with synergy instead of working against each other.

Your sales team truly shines when they’re handed leads that work with them rather than against them. Your marketing process should cut a lot of junk out of the sales funnel. What do the leads look like before and after you run your marketing campaign?

Seeing The Intangible

The problem with most of our modern marketing efforts is that they’re too intangible in many ways. Your boss doesn’t get that the extra lead came from Joan specifically because she needed a company to solve her issue and she thought of you because of a conference that she got your card from. She saw your number and thought of you, and now she’s directed her entire business toward your sales team. How much does that first domino in the chain weigh for you?

How much did that lead cost you? Can you quantify it easily, or is it something you need to sit down and think about? How many leads do you manage to pull in, and how much do you spend on your marketing? How much does your sales team spend? If you see the data and you really break it down, you can quickly figure out just what happens from your marketing campaigns.

Seeing The Process

What is your brand’s awareness worth? When James thinks of your field, does he think of you and your company? You can’t control what potential clients think, but you can control how they perceive you.

We work to make sure that when people think of scalable IT, they think of us. When they think of visionary, they think of our CEO. We think big from the ground up. The data means we can see exactly where we are and just where we want to go. We don’t just focus on the sales funnel; we focus on the people behind each sale. Sales can really shine when the whole process enables people to see each other on an equal level.

Seeing The Return On Investment

The difference between the pieces we started with and what we’ve created is the difference between six of one and half a dozen of the other. What about the subtlety between lilac and lavender? They’re both floral, but one is bright and alive in a way the other lacks. Make sure you’re brighter than your competitors.

The ROI you get from your marketing is going to depend on just how you approach the process and how you figure out your results. When you can actually differentiate the dawn from the dusk, you can see the implication of your efforts. Does it work for you, or does it just disappear?

What does each transaction get you? A lead is expensive, but what is it worth to you? Your marketing feeds, catalyzes and enables your sales team. Do you see value, or do you just hope for it? Once you can see the process, you have to comprehend it and help others make sense of it. Is marketing a black hole for you, or is it the process that separates you and your competition?

Meet Jerrod Ford, Videographer!

Jerrod Ford quickly became a tremendous asset to the entire team at The 20. Read below to find out more about Jerrod.

What do you do here at The 20?

I shoot, edit, and create video content. 

Describe The 20 in three words…

Collaborative. Interesting. Fun. 

As a kid, what did you want to be when you grew up? 

I’m sure I had quite a few ideas but it sticks out to me that I wanted to operate construction tractors and heavy machinery. 

What’s the most challenging thing about your job? 

Organizing terabytes of files. 

What do you consider your greatest achievement? 

Being able to provide for myself doing things I enjoy; however, I hope my greatest achievements still lie ahead of me. 

What do you think is the most important quality necessary for success? 

Consistency. 

What do you like most about The 20? 

The people. 

What do you like to do in your spare time? / What are your hobbies? 

I play drums, make music, and dabble with guitar and piano. I also enjoy mountain biking and running. 

Where are you going on your next vacation?

Not 100% sure but hopefully the beach! 

What’s your top life hack?

Interested in working with Jerrod at The 20? We’re hiring! Check out our Careers page for more info.

Cyber insurance is simple in concept, but complicated (to put it lightly) for implementation. It’s a form of insurance which covers expenses related to a cybersecurity breach or similar. But, you’re also getting a cross of the pain points of insurance and cybersecurity. The points make sense when you abstract them a bit, but it’s understanding the what and the why that can be painful.

Business insurance contracts can be confusing and complicated for the exact rules and what pays out what, but cyber insurance can get even more complicated. It covers topics ranging from compliance, to encryption, MFA, security, backups, and outages. You get a little bit of everything on a level most businesses aren’t ready for. It’s not just a technical question, there are rules, and they don’t always make sense.

Compliance

Most businesses are familiar with PCI and HIPAA compliance, but there are even more standards you may or may not need to pay attention to. Which one does your cyber insurance solution use, prefer, or encourage? There are a lot of standards, but some are more pressing than others.

You also have to consider GDPR and CCPA compliance in some industries and economies. There are even more compliance solutions such as CMMC and similar popping up that are preferred. If these acronyms and letter jumbles aren’t ringing a bell, you may need to read up before applying for new insurance policies.

Cyber insurance providers are going to ask you how compliant you are. You might feel confident, but just how compliant are you actually? Are you actually compliant or do you just think you are? What level of third-party audits are you performing to make sure you’re doing what you need to? What compliance standards are you using and how close are you adhering to them? What are you auditing, what level are you auditing, and how often are you doing it?

Have you been certified for your compliance tasks? Who is the compliance officer for your business or client? What level of credentials do they have to make them able to fill this role? You may not need to answer all of these on the insurance form, but it’s best to have the answers available from a security and business liability standpoint.

Encryption

Is data wide open or is it encrypted? What about your backups? What level or type of encryption is in use? Cyber insurance companies are going to ask these questions, and dig much, much deeper.

Are you encrypting communications internally and externally? How about VPNs between sites and for remote workers? Or do you use an advanced SASE system instead?

Encryption is a fundamental part of security and one which will come up constantly with cyber insurance offerings. Some plans may not require it for some industries, but it’s always a good plan to have some level of encryption in your security stack. Data exfiltration isn’t just a liability from an insurance perspective; it’s a liability to a business.

At the very least, it’s near trivial to implement an encryption policy for individual devices including desktops, laptops, and phones. You can work to encrypt sensitive data in SQL and similar to protect sensitive applications. You need to also make sure backup solutions are encrypted where possible as well.

There isn’t a one size fits all approach to encryption. Some products you need for your industry may not work as expected with encryption on certain data. Other products may just not have encryption as an option. Cyber insurance providers are aware you may have your hands tied, but they need to know to properly assess liability.

Scope of Data

How much data are you managing? How many individual records are there and how are they classified? Do you have generic data on a million individuals or hugely in-depth, personal data on a smaller set? You don’t need to have exact numbers (necessarily), but you need to have a rough scope of what you’re working with.

The more data you have which is personally identifying, the more it can impact HIPAA, PCI, etc. compliance. How much data you have also impacts how likely you are to be a target. Personally Identifiable Information (PII) is worth a lot to certain groups. The right PII can be used to carry out social engineering attacks or even used to circumvent certain security systems (e.g. biometric data).

What type of data do you have and where are you storing it? Are you using cloud repositories such as Dropbox and OneDrive to store certain data or is it all local? The where is as important as the what, since an insecure onsite backup is less safe than a secured cloud system, but a private cloud (and properly secured) is the safest of the three.

Cyber insurance vendors want to know what kind of data you have and where it is. This determines how large your attack surface may be and what is potentially at stake for your business in the event of a breach.

Multi-Factor Authentication and Credentials

Do you apply Multi-Factor Authentication (MFA) across the site with everything possible? If not, is there a good reason (e.g. nothing of any real value) or is it due to a technical limitation of a service?

MFA solutions will help cut down on the value of a password substantially which increases the inherent security of a system. This leads to a harder time breaching a specific site or data repository. Some cyber insurance providers want MFA applied to virtually everything, others are a little more flexible with the right security setup. Either way, a lack of MFA on core infrastructure and important data sources is a serious security concern.

MFA blurs into protecting and limited access to privileged user accounts as well. Sometimes, you need a specific admin account while the person managing said service needs substantially less access to do their job. Are you using a single account or reducing the chance of being breached by having the admin account locked up somewhere?

Solutions like ITGlue (despite being a documentation product, it manages passwords as well) can help limit this access and provide a way to audit who has accessed a given resource. You get a system to account for who has what access and when they use it. This allows for better monitoring of credential usage and allows a gatekeeping process for privileged accounts.

Security

What AV solution are you using? Are you using a Next-Generation Antivirus (NGAV) solution, an Endpoint Detection and Response (EDR) system or similar across the business? What about next-generation firewalls like Palo Altos or similar which can work at layer 7? Are you using zero trust architecture?

Security may also include services or processes such as a SOC, NOC, SIEM, proactive monitoring, proactive auditing, etc. How aware are you of every change to every asset for your business and how do you make sure that everything is complying with your security policy? How often are you installing patches? What legacy software or solutions are in use? Are you using protective DNS services to prevent bottom-of-the-barrel attacks and similar? Do you have an isolation policy or the ability to easily isolate compromised assets?

Many cyber insurance vendors also dive into email and phishing. Are you using DKIM, SPF, and DMARC to help detect spoofed or otherwise questionable emails? Are you using advanced spam filters and similar to reduce the attack surface even further? There are far more questions any good MSP or security provider should be asking.

These questions are ones you should be asking yourself regularly anyway, but cyber insurance brings them to the forefront. Here at The 20, we try to have solutions to virtually all of these questions which fit the needs of secure industries without making work painful. Security requires a balancing act between absolute security and functionality. The right education and the right security solutions can keep your business running smoothly.

Backup

We touched on some parts of backups previously, but cyber insurance dives into this process deeply. The difference between a business with a good Disaster Recovery (DR) policy and one without getting ransomware is the difference between a bad day and bankruptcy. Are you backing up important infrastructure and data? Are you checking your backups and making sure that things are working as expected? Do you keep cold backups or an air-gapped solution to keep data safe? Are you encrypting your backups to prevent exfiltration or exposure in the event of a backup provider having a breach?

These are all best practices for backups at any level, and solutions like Unitrends and similar have made the process relatively easy. What backup provider are you using and how are you making sure it doesn’t become a liability? In the post-security world, it isn’t a matter of if but when you’re breached that makes all the difference. Downtime is extremely expensive.

Standard security policies need to be applied to backups as well. Are you making sure that there aren’t shared credentials or similar to prevent easy exfiltration? Do you use some kind of system to control access to credentials with correct privileges to prevent accidental access? Are you using MFA where possible to limit access to replication vaults or backup appliances where possible?

Uptime

How much uptime do you have? When is the last time your site went down and how long was it for? Why did you have downtime and what could you do differently? All of these are going to be lines of near-inquisition from a cyber insurance vendor.

You can tell them what you plan to do, but no plan survives an encounter with the enemy. What happened when you actually had to test your plan? Were you down for a few minutes or down for days? Are you making sure to shore up said issues or are there ticking time bombs at your business?

Security is meaningless if someone bypasses it or if the response doesn’t work. Post-security also means that prevention is only one half of the equation to a proper defense for your business. Do you have a track record of your assets going down or is your infrastructure resilient?

The more likely a business is to suffer negative downtime, the harder it is to justify insuring said business. You can have everything great in theory, but how has it been tested? Or has it?

Summary

The cyber insurance process is extremely complex, but all of the questions asked will make sense. They want to know what you do, how you do it, and how it’s worked out. Virtually every question on a cyber insurance application is one you should already have in your primary security and business plan for yourself or your client (even if the form isn’t the same).

Are you adhering to compliance standards which affect your industry? How do you know? Are you encrypting any and all data that makes sense? How much data are you working with and where is it? Do you use MFA where possible? What is your proactive and response security like and what all are you throwing at keeping your business safe? How good are your backups and are they actually functional? How much downtime have you had, what caused it, and how did you respond?

Asked this way, all of these questions boil down to a basic security plan. You just need to know every detail and every facet to ensure that your business is actually secure, and a way to put it in something that can be converted to financial details. Can you walk the walk or just talk the talk? Use a cyber insurance checklist (or ideally multiple checklists) as a roadmap for your own business success.

Contact us at The 20 to learn more about what we can do to make your business grow.

What is a SOC?

It’s good to be nervous about the recent explosion of cybercrime, but it’s even better to be prepared. If you’re a business owner, now is the time to invest in your organization’s security posture, but deciding how much to invest, and which tools, strategies, and solutions to invest in, can be difficult, confusing, and stressful. You want to be responsible and keep your business safe, but your budget is limited, which means you’ll have to make tough choices about where and how to spend it. This is especially true for small-to-medium sized business (SMB) owners, who can’t afford the same protective measures as corporate giants. This article is written with you in mind.

One security solution you might have heard about as an SMB owner is a security operations center (SOC — pronounced “sock”). The following discussion will help you answer two questions:

1. What is a SOC?
2. Should I establish a SOC for my SMB?

We can’t definitively answer the second question for you, as your business’s particular needs are just that — particular (i.e., unique to your situation). But we can provide general guidelines that will assist you in making an informed and responsible decision.

What is a SOC?

Defining a SOC

The term “SOC” is sometimes used to refer to a facility that houses a team of information security experts. But this definition is quickly becoming obsolete, as there are virtual SOCs which do not exist at a single location. A better definition equates a SOC with the cybersecurity personnel themselves, along with the processes and technology they employ to monitor and manage an organization’s security posture in real time (and generally on a 24/7 basis).

The overarching purpose of a SOC is to bolster an organization’s cybersecurity by identifying, mitigating, and preventing risks before they escalate into larger, business-disrupting problems. In our day and age, being proactive about cybersecurity — as opposed to reactive — is a must, and establishing a SOC means fully embracing the proactive philosophy.

Who is in a SOC?

The exact makeup of a SOC will vary, with larger SOCs containing more people and more specialized roles. But, generally speaking, a SOC team will include analysts, engineers, and managers.

Analysts’ primary responsibility is to detect potential security threats and assign them a level of urgency in order to trigger the appropriate response. Your SOC’s analysts are your first line of defense against malicious actors who want to penetrate your organization’s network.

A SOC’s engineers design, implement, and maintain the tools that constitute your organization’s security architecture. This means ensuring that your systems receive regular updates, as well as recommending any changes that seem necessary in light of the ever-evolving security landscape. Security engineers are also responsible for documenting security processes and protocols, which allows the rest of the SOC team to carry out their duties effectively and efficiently, as well as ensures that your organization remains compliant with relevant governmental and industry regulations.

Overseeing the entire SOC are security managers. A security manager’s duties are many, and include coordinating the activities of analysts and engineers, hiring/training new staff, working closely with management (e.g., the chief information security officer) to align security strategies with business goals, and spearheading responses to major security incidents.

Some SOCs will have personnel with highly specialized roles (e.g., compliance auditors and forensics investigators). Also, depending on the size of a SOC, a single person may take on multiple roles.

How does a SOC work?

Security Information and Event Management (SIEM)

A SOC protects your organization by proactively scanning your organization’s entire digital infrastructure — networks, databases, servers, endpoints, applications, websites, etc. — ideally on a 24/7/365 basis.

Most SOCs exhibit a “hub and spoke” architecture, where computer-generated log data from various systems in your organization is continuously collected and analyzed for anomalous (i.e., suspicious) activity. The amount of data we’re talking about here is vast, and the modern SOC employs a security information and event management (SIEM) system to corral all of this information and organize it in a way that makes it amenable to human analysis.

The power of SIEM software comes from its ability to sift through huge batches of data in mere seconds, and employ machine learning to define “normal” network activity. The latter is especially crucial for preventing “threat fatigue,” which arises when a SOC is overwhelmed by simply too many alerts, many of which are false alarms. With an effective SIEM solution, a SOC can rely on technology to weed out false positives, freeing up team members to focus on actual threats.

Incident Response

When a SOC does come across a legitimate threat, it’s all systems go. After the urgency of the threat is established, a sequence of responsive measures is initiated to shrink “breakout time” as much as possible (“breakout time” is the time it takes an intruder to move from the first compromised machine to other parts of your network). These measures can include isolating endpoints, deleting files, stopping harmful processes, and deploying backups to negate ransomware.

Prevention Techniques

In addition to detecting and responding to threats, a SOC is also tasked with preventing incidents from occurring in the first place. One way a SOC achieves this is by analyzing breaches and performing

“root-case analysis,” which allows security personnel to trace a cyberattack back to its source. Finding out where intruders were able to penetrate your network enables your SOC to shore up gaps in your security posture and prevent similar events from occurring in the future. A SOC can also prevent future attacks by proactively searching for weaknesses in your network and system. “Ethical hacking,” for example, involves members of your SOC attempting to breach your network to learn what will and won’t work when actual hackers make similar attempts.

Does Your Organization Need a SOC?

A SOC can do wonders for your organization’s security posture, which raises the question: why would any company choose not to have a SOC?

That one’s easy — a SOC is pricey! Paying the salaries of the personnel alone will set you back a good amount (security experts can command 6-figure salaries).

That said, times have changed, and the chances of experiencing a cyberattack have gone up exponentially in the past few years. The FBI’s Internet Crime Complaint Center received 791,790 cybercrime complaints in 2020, a 69% increase from 2019. These complaints caused more than $4.2 billion in losses. We live in dangerous times, and taking extra precautions to keep your business safe isn’t paranoid in the current climate — it’s sensible. Establishing a SOC for your business gives you something that’s hard to put a price tag on: peace of mind.

However, certain businesses need a SOC for more than peace of mind. If your company is in one of the following industries, a SOC isn’t just a good idea, but a necessity, as it will be vital to protecting highly sensitive client information and intellectual property:

• Payment Card Industry
• Healthcare
• Manufacturing
• Financial Services
• Government Agencies
• Education

To be clear, even if your business is not in one of the above industries, you should not automatically conclude that you don’t need a SOC. For instance, if you have ongoing security issues or if you’ve suffered a serious breach in the past, investing in a SOC might be a wise business decision. Another reason to seriously consider opting for a SOC is compliance. If you’re facing a bevvy of strict regulations, or if maintaining compliance is something your organization is struggling with, a SOC can help you put those issues to bed.

At the end of the day, deciding whether to set up a SOC is a complex cost-benefit analysis. Whatever decision you make for your business, it’s important to keep in mind the following: a SOC relies heavily on technology, but the strength of a SOC ultimately comes from people. Your organization’s security posture is something that needs to be actively maintained, as the threat landscape is in a state of continual flux. So, if you do opt for a SOC to keep your business protected, you want to focus on building a team of committed professionals who continually strive to keep abreast of trends in the cybersecurity world. Anything less isn’t worth the investment.

Meet Corey Staton, IT Support Desk Technician!

Corey Staton quickly became a tremendous asset to the entire team at The 20. Read below to find out more about Corey.

What do you do here at The 20?

 For the time being, I am a tier 1 support desk technician that services level 1 tickets with end users.

Describe The 20 in three words…

Like a family. 

As a kid, what did you want to be when you grew up? 

 I never had a particular job in mind growing up, just that I wanted to help everyone that I could. My main goal as a kid was to build an exo-suit style support system for the elderly/disabled to help with motor movements.

What’s the most challenging thing about your job? 

If I had to pick the “most challenging” aspect of my job, I’d have to say that it is just the nature of it being remote support and not involving any hands on support.

What do you consider your greatest achievement? 

I would have to say that my greatest achievement would have to be finding my wife in High School rather than having to search for her as an adult.

What do you think is the most important quality necessary for success? 

I believe that the most important quality that is needed for success in any field is going to be communication. Both the ability to speak up and relay a message effectively, while also being able to listen and understand what is being communicated to you are extremely crucial to anyone’s success at anything that they do.

What do you like most about The 20? 

As mentioned previously, The 20 feels so much like a family and there is genuine care from everyone I have interacted with here. I have had event after unfortunate event happen outside of work and have had nothing but support from those here at The 20 and it means so very much to me to have that kind of support from those who have nothing to do with said events.

What do you like to do in your spare time? / What are your hobbies? 

 I’m quite a social person but as my friends and I have gotten older and moved apart, the main way that we stay in communication and actually spend time together is in video games. In the event that we do get to spend time together physically we will camp, hike, party, and so many more less digital things.

Where are you going on your next vacation?

The next vacation that involves a trip somewhere will most likely just be to Galveston. I lived there and had many relatives that have since passed and have not been back since so I would like to see what all has changed.

What’s your top life hack?

Interested in working with Corey at The 20? We’re hiring! Check out our Careers page for more info.

What is an SLA?

A Service Level Agreement (SLA) is a written document that defines a set of services and the parameters for their delivery.

SLAs can exist between departments within a single organization. For instance, an IT provider might have an SLA that establishes the ‘services’ marketing owes sales each month (e.g., a certain number of qualified leads). However, an SLA most commonly refers to a written contract between a service provider and a client. Our focus here will be on SLAs that Managed Service Providers (MSPs) use with their clients.

If you’re an MSP, the purpose of your SLA is to define the type and scope of services you are committed to offering a client. In addition, your SLA should clearly establish the following items:

• Desired/Expected Performance Levels (and attendant metrics)
• Service Availability
• Customer Responsibilities
• Consequences of Breach

This list is not exhaustive, and we recommend that you look into working with legal counsel when crafting SLAs for your own organization. There are also a variety of templates available online. These can be helpful, but it’s important not to neglect the unique features of your business when drafting an SLA. After all, your SLA is the cornerstone of your documentation, in that it sets down a clear picture of what customers can expect from you. If your SLA is generic, misinterpretations — whether willful or not — can arise between you and your customers. If it’s unrealistic, you’re just setting your MSP up for failure.

So, when drafting an SLA, aim for two things: clarity and accuracy. You want to tell your customers exactly which services you’re providing, how you’ll be providing them, when you’ll be providing them, etc. Define your services clearly. But it’s just as important that the services you define are in fact your services — i.e., the services you know your MSP can deliver, not the ones you hope it can. It’s better to set modest goals in your SLA and then exceed them than it is to set ambitious ones and fall short.

Let’s take a closer look at SLAs. This article will help you understand what the standard components of an SLA are, what the purpose of each component is, and why your MSP needs a good SLA to operate at its best.

Standard Components of an SLA

Type and Scope of Services

What services can your client expect from your MSP? Your SLA needs to answer this question with total clarity. In fact, it can be a good idea to not only list and describe the services you’re offering, but also, certain exclusions. For instance, if you have reasonable grounds to believe that a particular client is expecting a service that your MSP is not willing to provide, establishing that the service in question is not your responsibility can help head off disputes further down the line. Of course, documentation should always be a supplement — and never a substitute — for verbal communication.

Defining your services in a precise fashion is a key part of managing client expectations; if you do not give your clients a clear idea of what they should expect, their expectations of your MSP can quickly outpace your capacities and become unmanageable.

Desired/Expected Performance Levels

Your SLA should define metrics for measuring service quality. Performance metrics in your SLA give your team performance levels to shoot for, and your clients clear standards by which to hold your MSP accountable. You can set up individual metrics for particular services, as well as more general metrics that reflect your MSP’s performance across multiple services and contexts. Your key performance indicators (KPIs) are core metrics that monitor the overall health of your business.

The metrics in your SLA should establish baseline performance levels that you’re confident your MSP can reliably achieve. In other words, set the bar at a realistic height. It’s important that you share your metrics with your clients, either through an online portal or through some other means, to underscore the value of your services. You can hardly utilize your metrics to that end if they reveal consistent failures to meet your own standards of service delivery.

Although showcasing your metrics can be a powerful business tactic, be careful not to give your numbers too much weight. Remember, achieving KPIs is not synonymous with “providing excellent service” or “making your clients happy.” There are aspects of your service that your metrics don’t capture, and it’s entirely possible to provide service that honors your SLA and still comes up short in some other respect. Metrics are useful for assessing service quality, but they’re not the whole story. And, at the end of the day, there’s no substitute for talking to your clients directly and taking their feedback seriously.

Service Availability

Your clients need to know when they can expect to receive support from your MSP. Include your support hours in your SLA, along with any scheduled maintenance, holidays, and other interruptions to service. Most MSPs give uptime guarantees as a percentage. When defining your MSP’s availability, explain in unambiguous language how your support hours relate to your response times, which are themselves an important component of your MSP’s service availability.

Many MSPs use a tiered system for response time guarantees. Tiers represent levels of urgency, with more urgent tickets receiving faster response times. You can look at how other MSPs do things to get ideas, but at the end of the day, the response times you promise your clients need to be what your MSP is capable of achieving on a regular basis. It can be tempting to promise dazzlingly speedy response and resolution times to win a new client, but if you don’t think your desk can reliably respond to critical

issues within 4 hours, don’t make that promise — even if it means losing a potential client. Remember: a dissatisfied and disappointed customer does more harm to your MSP business than failing to close a prospect.

Customer Responsibilities

Your SLA should clarify not only what your MSP owes clients, but what clients owe your MSP. What are their responsibilities? When they have a problem, how should they go about reporting it to you? Be specific. Should they call or email? Does it depend on the severity of their issue? What about your clients’ IT environments — do they need to be up to date in certain respects?

There’s room for negotiation when it comes to finalizing an SLA with a particular client, but make sure to arrive at clear expectations that will allow both parties to benefit from accountability.

Consequences of Breach

Your MSP should of course strive to meet — or exceed — the standards set down in your SLA, but things happen. Even the best MSPs can deviate from their contracts from time to time. What’s important is that you have a system in place for compensating clients in the event of a service failure. A popular approach among MSPs is to provide clients with service credits. But whatever method you adopt, it’s vital that you explain in your SLA exactly how your system of remediation works. If you wish to give out service credits as compensation for service failures, spell out how the service credits will be calculated and distributed. Pick a system that’s fair and stick to it.

Also worth including in your SLA is a “force majeure” clause. The purpose of such a clause is to suspend standard obligations and penalties in times of extraordinary circumstances, such as a natural disaster or an act of terrorism.

The Importance of SLAs to Your MSP

As an MSP, your business depends crucially on recurring revenue generated by long-term clients. In short, you need to build strong, lasting relationships with the people to whom you are providing IT services. A good SLA sets a tone of trust and accountability, establishes your commitment to professionalism, and emphasizes the centrality of transparency and clear communication to how your MSP functions. All of these things provide a solid foundation on which to build healthy and fruitful business partnerships with clients.

Having an SLA and honoring it consistently can go a long way toward preventing unpleasant disputes with your clients, but when tensions do arise, your SLA can serve as a critical de-escalation tool. When your commitments and agreements with clients are written down in clear, unambiguous language, you have something objective and concrete you can point to when emotions are running high. You don’t want to ‘weaponize’ your SLA and use it to disregard your clients’ experiences, but in times of conflict —especially conflict that reaches the level of a legal dispute — protecting your MSP is imperative, and your SLA can help shield you from costly and time-consuming battles with dissatisfied clients.

Finally, a word on how to approach writing SLAs for your MSP. Firstly, focus on getting your “Master SLA” ironed out. This will serve as the template from which you construct specific SLAs for individual

clients. A good Master SLA will include the nuts and bolts of your business, and will be easy to alter to fit the unique needs of different clients.

When writing SLAs for different clients, keep their unique needs in mind, as well as the condition of their IT infrastructures. Again, “under-promise and over-deliver” should be your guiding principle when drafting specific components of an SLA.

You also want to make sure you train your staff thoroughly on the protocols and procedures contained in your SLA. When everyone on your team knows what your SLA lays out, you can all sing from the same sheet of music and operate more efficiently and cohesively to secure client satisfaction and build your brand.

Concluding Thoughts

A mature MSP needs robust documentation, which starts with an effective SLA. Your SLA contains all of the important information about your service delivery, and plays a key role in setting and managing client expectations. When you take the time to craft a detailed and comprehensive SLA, you end up saving many hours — and headaches — in the long run. However, even the best SLA can’t prevent client dissatisfaction altogether, which makes it all the more vital that your SLA defines your services with the utmost clarity. In the unfortunate event of a legal dispute with a client, you want an SLA without unnecessary vagueness, because the more ‘wiggle room’ there is, the more an angry client (and their lawyers) can leverage your SLA against you.

Here at The 20, we work with the law firm Ciardi Ciardi & Astin to ensure that our MSP members’ SLAs pass muster, even under aggressive scrutiny. We recommend thinking seriously about consulting with legal counsel to help you draft your SLAs, or to shore up SLAs that you’ve already written. In our litigious age, you really can’t be too careful.

Drafting SLAs and other critical documents for your MSP can be intimidating. The 20 is a group of MSPs who work together to conquer the ‘business side’ of IT. With our guidance and the collective expertise of our community of IT pros, you can navigate the challenges of growing your business with confidence and a proven model for success. Get in touch with us today to learn how we can help.

Meet Robert of Eagle Secure Solutions!

Tell us a little about your MSP…

Eagle Secure Solutions was founded in 2005 in Lebanon, Pennsylvania. Our focus has been providing managed services to the small business and local government sectors. We currently hold PA COSTARS #3 Contract and the Master ITQ Contract, which allows us to directly sell products & services to the state of Pennsylvania. 

How long have you been a member of The 20?

Eagle Secure Solutions recently joined The 20 and the partnership has opened new doors for us that we wouldn’t have been able to compete with in the past.

Why did your MSP originally look to partner with The 20?

The 20 provided us a more efficient way to procure the necessary add-on products and services that would have costed more to provide internally. In addition to this, we partner with our 20 members to find strategic synergy between our MSP practices.

Tell us about the biggest change in your business since joining The 20.

We now offer so many new services that… it’s a matter of making the time to let the business world know what we can do!

What do you like most about being a member of The 20?

I feel like we are part of a community and we are all invested in each other’s well being.  Instead of seeing each other as  competition, we are strategic partners for our own company goals and directions.

What do you think is the most important quality necessary for success?

The most important quality for success is knowing when to say I need help.

What are your biggest business challenges?

My biggest business challenge is figuring out how to handle the level of growth that The 20 is helping me to achieve. 

What are your areas of focus for 2022?

The focus for 2022 is to continue focusing on local government and small businesses. 

What advice would you share with an MSP looking to scale their business?

Do not be afraid to partner with “competition” and challenge yourself to find partnerships with non-IT organizations; which can potentially provide synergy of your IT products and services.

What book are you currently reading?

I’m not currently reading any books other than those that I read to my first born child, Rebecca.  

Favorite blogs/podcasts

Interested in becoming a member like Eagle Secure Solutions? Click here for more information!